CVE-2025-47707

CVE-2025-47707 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. ...
8 months ago

CVE-2023-47707 - IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
2 years ago Tenable.com

CVE-2024-47707 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL, as spotted by syzbot: Oops: general ...
1 year ago Tenable.com

CVE-2024-50575 - In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API ...
1 year ago

CVE-2024-50577 - In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings ...
1 year ago

CVE-2024-50579 - In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible ...
1 year ago

CVE-2024-50580 - In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule ...
1 year ago

CVE-2024-50581 - In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag ...
1 year ago

CVE-2024-50582 - In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements ...
1 year ago

CVE-2024-50573 - In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services ...
1 year ago

CVE-2024-50574 - In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality ...
1 year ago

CVE-2024-50576 - In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest ...
1 year ago

CVE-2024-50578 - In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page ...
1 year ago

CVE-2021-47707 - COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', ...
1 month ago

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
10 months ago Cybersecuritynews.com CVE-2024-5594

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
6 months ago Krebsonsecurity.com CVE-2025-53770

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
11 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861

Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
9 months ago Bleepingcomputer.com CVE-2025-30456

Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
6 months ago Cybersecuritynews.com CVE-2025-6558

CVE-2025-37859 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

Hardening Windows Servers - Top Strategies to Prevent Exploits in 2025 - By leveraging the default security enhancements in Windows Server 2025 alongside strategic implementations of Application Control, Attack Surface Reduction, and proper credential management, organizations can significantly reduce their risk exposure ...
8 months ago Cybersecuritynews.com

CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
10 months ago Cybersecuritynews.com CVE-2025-24984

Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
11 months ago Bleepingcomputer.com CVE-2025-0111 CVE-2025-0108 CVE-2024-9474

Cybercrime Escalates in 2025 as Hackers Target Everyday Devices with Sophisticated Attacks - “We’re handing attackers the keys to critical operations,” warns Forescout CEO Barry Mainz, noting that 50% of the most vulnerable devices 2025 are routers, the gatekeepers of home and enterprise networks. Hybrid Broadcast-Broadband Television ...
8 months ago Cybersecuritynews.com CVE-2023-1389

CVE-2025-37916 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago